wpnfd_1_10_0_9.sys

Word Proser Driver x86

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file wpnfd_1_10_0_9.sys by Wordprosers has been detected as adware by 4 anti-malware scanners. It runs as a Windows kernel-mode device driver named “wpnfd_1_10_0_9”. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Word Proser (signed by Wordprosers LLC)

Product:
Word Proser Driver x86

Version:
1.10.0.9

MD5:
d3c0038453fd11b098ac4c89b7da31ce

SHA-1:
214a18cfb543fdb936875741c14e56f8ae39ea98

SHA-256:
b99497eba820d6cc270c477e4c1b677c0bc11df84a4fec4f38c6c48d3c5f2a1b

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/25/2024 12:36:00 AM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Adware.Popad.10 | 9.0.1.05190
F-Secure | Riskware.Application.Bundler.DomaIQ | 5.13.68
Kaspersky | not-a-virus:AdWare.Win64.Vitruvian | 15.0.0.543
Reason Heuristics | PUP.InfoAtoms | 15.2.11.11

File size:
51.5 KB (52,736 bytes)

Product version:
1.10.0.9

Copyright:
Copyright (C) 2015

Original file name:
wpnfd.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd_1_10_0_9.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 9:58:57 AM

Valid to:
6/30/2016 9:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/21/2012 6:34:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:VH47urAd7AVbTXO2vZd1VjXjurCIDaCCepa+ez8oc3fDK1C5Etg23iy:B47ue7ITew1JXCrdDqe43cP2Q+tOy

Entry address:
0xA085

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 8C, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 08, 8B, 01, 00, B8, 00, 8C, 01, 00, C1, E8, 08, 33, 02, A3, 00, 8C, 01, 00, 75, 07, 8B, C1, A3, 00, 8C, 01, 00, F7, D0, A3, 04, 8C, 01, 00, 5D, E9, 51, E7, FF, FF, CC, 2C, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, A4, 00, 00, 94, 8A, 00, 00, 18, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, A4, 00, 00, 80, 8A, 00, 00, 24, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FA, A4, 00, 00, 8C, 8A, 00, 00, 00...
Entropy:
6.2943

Code size:
34.8 KB (35,584 bytes)

Driver
Display name:
wpnfd_1_10_0_9

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI